Conference Paper

An Experimental Evaluation of the Computational Cost of a DPI Traffic Classifier.

Dipt. di Autom. e Inf., Politec. di Torino, Turin, Italy
Conference: Proceedings of the Global Communications Conference, 2009. GLOBECOM 2009, Honolulu, Hawaii, USA, 30 November - 4 December 2009
Source: DBLP


A common belief in the scientific community is that traffic classifiers based on deep packet inspection (DPI) are far more expensive in terms of computational complexity compared to statistical classifiers. In this paper we counter this notion by defining accurate models for a deep packet inspection classifier and a statistical one based on support vector machines, and by evaluating their actual processing costs through experimental analysis. The results suggest that, contrary to the common belief, a DPI classifier and an SVM-based one can have comparable computational costs. Although much work is left to prove that our results apply in more general cases, this preliminary analysis is a first indication of how DPI classifiers might not be as computationally complex, compared to other approaches, as we previously thought.

Download full-text


Available from: Fulvio Risso,
  • Source
    • "A (non exhaustive) list can be papers [3] [4] [5] [6]. Only recently a paper appeared [7] that demonstrates how the complexity of a well-known traffic classifier based on Support Virtual Machine may be comparable to the DPI one. So far, most of the work focused on the analysis or the definition of new techniques for performing fast and scalable regular expression matching [8] [9] [10], which are mostly appropriate when thousands of rules are present or when the characteristics of the ruleset in use require a careful representation in memory in order to avoid state explosions [1], which are common conditions especially in case of IDS. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Traffic classification through Deep Packet Inspection (DPI) is considered extremely expensive in terms of processing costs, leading to the conclusion that this technique is not suitable for DPI analysis on high speed networks. However, we believe that performance can be improved by exploiting some common characteristics of the network traffic. In this paper we present and evaluate some optimizations that can definitely decrease the processing cost and can even improve the classification precision.
    Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 22-26, 2010; 01/2010
  • [Show abstract] [Hide abstract]
    ABSTRACT: A wide range of traffic classification approaches has been proposed in the last few years by the scientific community. However, the development of complete classification architectures that work directly in real-time on high capacity links is limited. In this paper we present the implementation of a machine-learning technique (SVM), one of the most accurate but most computationally expensive mechanisms, on the CoMo project infrastructure. We show the computational time required to process different traffic traces and the optimization steps we adopted to improve the performance of the system and achieve real-time classification on high-speed links.
    Proceedings of the 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011, Istanbul, Turkey, 4-8 July, 2011; 01/2011
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The emergence of new Internet paradigms has changed the common properties of the network data, increas-ing the bandwidth consumption and balancing traffic in both directions. These facts raised important chal-lenges, making it necessary to devise effective solutions for managing network traffic. Since the traditional methods are rather ineffective and easily bypassed, particular attention has been paid to the development of new approaches for traffic classification. This article surveys the studies on peer-to-peer traffic detection and classification, making an extended review of the literature. Furthermore, it provides a comprehensive analysis of the concepts and strategies for network monitoring.
    ACM Computing Surveys 01/2011; 45(3). DOI:10.1145/2480741.2480747 · 3.37 Impact Factor
Show more